You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2018/11/07 20:30:49 UTC

[GitHub] pbr0ck3r commented on issue #404: Show only Slices and Dashboards users have access to

pbr0ck3r commented on issue #404: Show only Slices and Dashboards users have access to
URL: https://github.com/apache/incubator-superset/pull/404#issuecomment-436766729
 
 
   @hamidmahmoodnbs seems like the slices/dashboard/schema filtering works. But the databases themselves are not filtered based on roles/permissions. On load of the SQL editor all databases are returned. Even if you have a role such as `database access on x.[id:5]` you get that database and all of the others. Instead of only getting x. Seems like a security issue to me. 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org